secrets lying around on the HD
Gates, Scott
SGates at olbh.com
Tue Apr 13 20:19:51 CEST 2004
There will be temp files, and pieces of files on your machine left as you
create the plaintext document. The editing process is messy. Myself, I do
a daily Disk Cleanup, and weekly Defrag followed by a PGP wipe*3 of the disk
free space. On a 40GB HDD with a medium sized processor, it takes a while,
otherwise I'd do it nightly. I use PGP to wipe files on my HDD that contain
company secrets (yes, the company BOUGHT PGP for data security).

Other than that, I trust GPG & PGP for TRANSFERRING data securely--PGP when
I'm able to use it interactively--GPG for batched processes. I know our
network administrator and feel reasonably secure with his ability to keep
the riff-raff out of the network. So, don't write GPG/PGP off completely.

Perhaps if you could get GPG to work on one of the various KNOPPIX distros?
Burn the client s/w to the bootable CD, then boot with that CD with the HDD
unplugged. Might work. Might not. Could make for an interesting few days
of trying. Then you could encrypt to a virtual drive in memory, send the
data to whomever, and the evidence is automagically permanently deleted when
you power down the machine.

A friend once quoted "Three people can keep a secret, if two of them are
dead". I ran away before he had a chance to share any privileged
information. I haven't seen him or the other guy since. <GRIN>

-----Original Message-----
From: Per Tunedal Casual [mailto:pt at radvis.nu]
Sent: Tuesday, April 13, 2004 1:38 PM
To: gnupg-users at gnupg.org
Subject: Re: secrets lying around on the HD
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 15:50 2004-04-13, you wrote:
>On Tue, 13 Apr 2004 14:55:33 +0200, Per Tunedal Casual said:
>
>> What about virtual memory (SWAP-files) in Windows?
>
>That may indeed happen and we can't do anything about it. The only
>possible solution is to write a device driver and let it allocate
>memory for secrets. This memory will then be managed via ioctls.
>There is one such driver available but it is not Free Software so we
>have not looked deeper into it.
>
>There are currently rumors that the W32 API VirtualLock does indeed
>lock pages against paging - if this is true we will add this to the
>next GnuPG version.
>
> Werner

Fine. I asked all these questions because I suddenly realised that things
like e.g. choosing a safe algo is all in vain if someone easily can bypass
the encryption. By e.g. finding unencrypted keys or the encrypted file in
plaintext on the computer.

Per Tunedal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32) - GPGrelay v0.94
iD8DBQFAfCV2ITLMlZFNlMoRAoa7AJ9MznZ1i0YOeNRl+8JgV9JM/uyF4gCgiJu4
nKZPeA7JOLnut+5ejGCE+iM=
=F3ET
-----END PGP SIGNATURE-----
_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
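
Added example, not part of the thread and not GnuPG's code: the page-locking idea raised in the quoted reply, shown with POSIX `mlock` (the counterpart of the W32 `VirtualLock` call mentioned there) plus a wipe before release. The `secret_buf` type and the `secret_*` function names are hypothetical, and a Linux-style system is assumed.

```c
#define _DEFAULT_SOURCE   /* exposes MAP_ANONYMOUS on glibc */
#include <stddef.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: a page-aligned buffer for key material. */
typedef struct {
    unsigned char *ptr;   /* start of the mapping */
    size_t maplen;        /* length rounded up to whole pages */
    int locked;           /* 1 if mlock() succeeded, 0 if pages may still swap */
} secret_buf;

/* Map whole pages and ask the kernel to keep them out of swap. */
int secret_alloc(secret_buf *b, size_t len)
{
    long page = sysconf(_SC_PAGESIZE);
    if (b == NULL || len == 0 || page <= 0)
        return -1;
    size_t maplen = (len + (size_t)page - 1) / (size_t)page * (size_t)page;
    void *p = mmap(NULL, maplen, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    b->ptr = p;
    b->maplen = maplen;
    /* mlock can fail under RLIMIT_MEMLOCK; record it so the caller decides. */
    b->locked = (mlock(p, maplen) == 0);
    return 0;
}

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
void secret_wipe(secret_buf *b)
{
    volatile unsigned char *p = b->ptr;
    for (size_t i = 0; i < b->maplen; i++)
        p[i] = 0;
}

/* Wipe first, then unlock and unmap, so no plaintext outlives the buffer. */
void secret_free(secret_buf *b)
{
    if (b == NULL || b->ptr == NULL)
        return;
    secret_wipe(b);
    if (b->locked)
        munlock(b->ptr, b->maplen);
    munmap(b->ptr, b->maplen);
    *b = (secret_buf){0};
}
```

If `locked` comes back 0 the pages can still reach the swap file, so a caller holding key material should treat that as a failure or at least warn.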